[Security Weekly] US Treasury, Microsoft, FireEye Among Others Breached in SolarWinds Supply Chain Attack

cover image

3rd Week of December 2020

 

1. US government agencies, Microsoft, FireEye among others breached in SolarWinds supply chain attack

A massive supply chain attack at software provider SolarWinds had led to the compromise of a number of US government agencies and companies. Victims included the US Department of the Treasury, Department of Commerce, Department of Energy, which is in charge of storing and maintaining nuclear weapons stockpiles, along with Microsoft and cybersecurity giant FireEye. The case was so severe that it led to a rare meeting of the US National Security Council at the White House on December 12.

This was a typical supply chain attack where the hackers initially installed malware into SolarWinds’ Orion software updates. Later investigations suggested that malware was present in the Orion update versions released between March and June 2020. The compromise of SolarWinds’ network had eventually led to the breach of a series of networks down the supply chain.

The specific damages and risks posed to the end customers and the public have not been confirmed yet. Ongoing investigations suggest that the US was not the only target and that more victims from abroad would likely be found. The US government attributed the attack to APT29, a state-sponsored hacker group affiliated with the Russian Foreign Intelligence Service.

Sources: ZDNet, Threatpost, CNN

 

2. 45 million sensitive medical images with PHI exposed online, research shows

A six-months long research on medical device security conducted by cybersecurity firm CybelAngel found over 45 million medical images exposed online from a total of 2,140 unsecured database servers across 67 countries.

These exposed medical images are highly sensitive, including X-rays, CT scans, and MRIs, all of which are accompanied by their corresponding patients’ personally identifiable information (PII) and personal health information (PHI). All these data were left unencrypted in open database servers so that anyone without any hacking skills could access them.

This data breach could lead to serious consequences as the exposed information could potentially be exfiltrated and sold, used for identity theft, or used to blackmail the victims.

Healthcare data, especially data generated from medical devices, are highly vulnerable to cyberattacks because the healthcare industry tends to lack funding for cybersecurity measures. This is why many healthcare providers choose MyDiamo as the encryption solution for their open-source database servers. MyDiamo allows for column-level encryption, and is a cheaper alternative to other enterprise solution packages, free for use by NGOs. Click here to learn more.

Sources: Threatpost, Infosecurity

 

3. Poland and Lithuania suffer sophisticated disinformation attack

Poland and Lithuania were targets of a large-scale disinformation campaign that compromised a number of government-related networks.

The Lithuania government disclosed that on December 9, hackers used sophisticated methods to gain access to a number of its content management systems and posted false information on websites run by government bodies.

One of the fake reports stated that a Polish diplomat was caught at the border smuggling drugs and weapons into Lithuania. Another reported that corruption was found at NATO’s Baltic air-policing mission.

The Polish government suggested that Russia was likely behind the attack due to the similarity in the attack patterns with previous disinformation campaigns launched by Moscow.

Sources: Infosecurity, The Associated Press

 

4. Spotify hit by cyberattack for the third time in a month

Spotify made a public statement on December 9 disclosing that the company suffered another data breach that impacted a “small subset” of its users, of which their user registration information was left exposed to a third-party partner of the firm.

The data breach was caused by a software flaw that was present in Spotify’s system between April 9 and November 12. The leaked information included the users’ display names, email addresses, passwords, genders, and dates of birth. The company again forced a password reset for those impacted users, and asked all users to pay attention to their account login activities.

This was the third cyberattack Spotify had suffered during the past month. The first attack was when it suffered a massive account takeover caused by a credential stuffing campaign, while the second was when a number of its celebrity accounts were taken over and used to send messages supporting Donald Trump.

Sources: Threatpost, SC Media

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security